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DETAILED ACTION 

1 . Claims 1-112 have been presented for examination. Claims 2-90 have been canceled and 
new claims 91-112 have been added in a preliminary amendment filed 10/03/2000. Claims 1 and 
91-112 have been examined. 

Priority 

2. Acknowledgment is made that the instant application is a continuation of Application No. 
09/328,671, filed 06/09/1999, now U.S. Patent No. 6,389,402 Bl, which is a continuation of 
Application No. 08/964,333, filed 1 1/04/1997, now U.S. Patent No. 5,982,891 A, which is a 
continuation of Application No. 08/388,107, filed 02/13/1995, now abandoned. 

Drawings 

3. The drawings filed on 10/03/2000 are acceptable as indicated on the "Notice of 
Draftperson f s Patent Drawing Review," PTO-948, attached to this Office action. 

Claim Rejections - 35 USC § 112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

5. Claims 97-99 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 
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Claim 97 recites the limitation "the audit information" in line 1 . There is insufficient 
antecedent basis for this limitation in the claim. This rejection can be overcome by deleting 
"audit" in line 1 and replacing with —audit-related--. 

Claim 98 recites the limitation "the audit information" in line 1. There is insufficient 
antecedent basis for this limitation in the claim. This rejection can be overcome by deleting 
"audit" in line 1 and replacing with —audit-related—. 

Claim 99 recites the limitation "the audit information" in line 1 . There is insufficient 
antecedent basis for this limitation in the claim. This rejection can be overcome by deleting 
"audit" in line 1 and replacing with —audit-related--. 

Claim Rejections - 35 USC § 102 
6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
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reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 

35U.S.C. 102(e)). 

(f) he did not himself invent the subject matter sought to be patented. 

7. Claims 1, 91-103, and 108-1 12 are rejected under 35 U.S.C. 102(b) as being anticipated 
by Callais et al., U.S. Patent No. 3,790,700 A. 

As per claim 1, Callais et al. describe a secure component-based operating process 
including: 

(a) retrieving at least one component (see column 5, lines 4-8; allowing a subscription TV 
program to be previewed on a predetermined channel); 

(b) retrieving a record that specifies a component assembly (see column 5, lines 22-26; 
figure 1, item 43; generating a pay TV request signal); 

(c) checking the component and record for validity (see column 5, lines 57-60; figure 1, 
items 16 and 17; the pay TV request signal will be determined to see if the subscriber is one of 
the persons on its restricted list of persons authorized to receive the requested program); 

(d) using the component to form the component assembly in accordance with the record 
(see column 6, lines 4-11; figure 1, items 31 and 27; processing the channel data so that the 
converter can be placed in the "on" condition); and 

(e) performing a process based at least in part on the component assembly (see column 6, 
lines 4-11; figure 1, item 25; allowing the subscriber to receive the restricted program). 

As per claim 91, Callais et al. illustrate a method of using a governed item at a processing 
arrangement including: 
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receiving a first rule at the processing arrangement (see column 5, lines 4-10; figure 1, 
items 16, 25, and 3 1 ; transmitting a preview enable command downstream to the control circuit 
to allow a subscription TV program to be previewed on a predetermined channel); 

receiving a second rule at the processing arrangement, being received independently from 
the first rule and from the governed item (see column 5, lines 14-18; figure 1, item 41; the 
subscriber inserting a key in a key control unit which enables subscription TV request); and 

at the processing arrangement, employing the first rule and the second rule to securely 
govern at least one aspect of access to and use of the governed item (see column 5, lines 36-40; 
figure 1, items 45 and 17; combining the pay TV request signal and channel code and 
transmitting the combined signal to initiate a downstream signal to enable viewing), and 

storing audit-related information relating to the access and use (see column 5, line 41; 
confirming that the subscriber has been billed). 

As per claim 92, Callais et al. further point out: 

the first rule is indirectly received from a first entity (see column 5, lines 4-10; figure 1, 
items 16, 21 , 25, and 3 1 ; the local processing center (LPC) transmitting a preview enable 
command downstream through a cable drop line); and 

the second rule is indirectly received from a second entity different from the first entity 
(see column 5, lines 14-18; figure 1, item 41; the subscriber inserting a key in a key control unit 
which enables subscription TV request). 


As per claim 93, Callais et al. additionally mention: 
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receiving the governed item along with the first rule (see column 5, lines 4-10; figure 1, 
items 17, 21, and 25; transmitting the preview enable command with the subscription TV 
program). 

8. Claims 1, are rejected under 35 U.S.C. 102(b) and (f) as being anticipated by Shear, U.S. 
Patent No. 5,050,213 A. 

As per claim 1, Shear depicts a secure component-based operating process including: 

(a) retrieving at least one component (see column 11, lines 34-36; figure 1, blocks 100 
and 200; figure 2, block 106; loading one or more blocks of the stored database information; 

(b) retrieving a record that specifies a component assembly (see column 11, lines 28-33; 
figure 1, blocks 100 and 200; figure 2, block 102; reading index information to ascertain which 
database blocks contain requested information); 

(c) checking the component (see column 12, lines 26-29; figure 1, block 300; measuring 
the amount and type of information) and record for validity (see column 11, lines 43-50; figure 1, 
block 200; figure 2, block 102; browsing though the index to see if it refers to requested data); 

(d) using the component to form the component assembly in accordance with the record 
(see column 12, lines 47-52; figure 1, blocks 300 and 200; decrypting information specified in 
the index information); and 

(e) performing a process based at least in part on the component assembly (see column 
12, lines 47-52; figure 1, blocks 300 and 200; information to be displayed, stored, printed, or 
communicated). 
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As per claim 91, Shear describes a method of using a governed item at a processing 
arrangement including: 

receiving a first rule at the processing arrangement (see column 1 1, lines 36-42; figure 1, 
blocks 200 and 300; figure 2, block 108c; sending the decryption key field to the decoder/biller); 

receiving a second rule at the processing arrangement, being received independently from 
the first rule and from the governed item (see column 19, lines 15-22; figure 3, block 314; 
permitting the user to store in the decoder/biller ceilings on database usage or cost of usage based 
on usage, period of time, and/or type of information which can be decrypted); and 

at the processing arrangement, employing the first rule and the second rule to securely 
govern at least one aspect of access to and use of the governed item (see column 1 1, lines 8-14; 
column 12, lines 47-52; figure 1, block 300; figure 2, blocks 108b and 108c; decrypting the 
information with the decryption key; see column 19, lines 22-26; figure 4a, block 410; until the 
total of decrypted data exceeds the user-specified parameter value), and 

storing audit-related information relating to the access or use (see column 19, lines 22-26; 
figure 1, block 200; figure 4a, block 416; keeping a running total of the parameters that the user 
has specified). 

As per claim 92, Shear further mentions: 

the first rule is directly and indirectly received from a first entity (see column 1 1, lines 
36-42; figure 1, blocks 200 and 300; figure 2, block 108c; sending the decryption key field to the 
decoder/biller; column 11, lines 23-27; where the data communications pathway between the 
host computer and the decoder/biller may be a shared data bus or a network); and 
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the second rule is directly or indirectly received from a second entity different from the 
first entity (see column 19, lines 15-22; figure 3, block 314; permitting the user to store in the 
decoder/biller ceilings on database usage or cost of usage based on usage, period of time, and/or 
type of information which can be decrypted). 

As per claim 93, Shear then points out: 

receiving the governed item along with the first rule (see column 1 1, lines 36-42; figure 
1, blocks 200 and 300; figure 2, blocks 108 b and 108c; sending the blocks of information along 
with the decryption key field to the decoder/biller). 

As per claim 94, Shear additionally delineates: 

at least a portion of the governed item is received in an encrypted state (see column 11, 
lines 34-42; figure 2, blocks 106, 108b, and 108c; loading one or more blocks of the stored 
database information consisting of encrypted fields and decryption keys); and 

employing the first rule and the second rule to securely govern at least one aspect of 
access to and use of the governed item includes decrypting at least a portion of the governed item 
(see column 11, lines 8-14; column 12, lines 47-52; figure 1, block 300; figure 2, blocks 108b 
and 108c; decrypting the information with the decryption key; see column 19, lines 22-26; figure 
4a, block 410; until the total of decrypted data exceeds the user-specified parameter value). 


As per claim 95, Shear depicts a method for using a governed item including: 
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(a) encrypting at least a portion of the governed item (see column 10, lines 56-57; figure 
2, block 108b; encrypted database information fields); 

(b) storing the governed item in a memory of the a first processing arrangement at a first 
site (see column 11, lines 34-36; figure 1, block 200; figure 2, blocks 106 and 108b; controlling 
the host computer to load one or more of the encrypted data blocks); 

(c) receiving a first rule set made up of one or more rules at the first processing 
arrangement, received directly and indirectly from a second processing arrangement located at a 
second site located remotely from the first site (see column 11, lines 34-42; figure 1, blocks 100 
and 200; figure 2, blocks 106 and 108c; loading blocks including decryption key fields; column 
19, lines 31-39; where the customer site is located remotely from the storage medium); 

(d) at the first processing arrangement, decrypting at least a portion of the governed item, 
being governed by one or more of the first rule set rules (see column 9, lines 30-33; figure 1, 
blocks 200 and 300; the decoder/biller is either a hardware component apart of or computer 
software executing on the host computer; see column 11, lines 8-14; column 12, lines 47-52; 
figure 1, block 300; figure 2, blocks 108b and 108c; decrypting the information with the 
decryption key); 

(e) at the first processing arrangement, making a use of the governed item, being 
governed at least in part by one or more of the first rule set rules (see column 12, lines 47-52; 
figure 1, blocks 300 and 200; figure 2, blocks 108b and 108c; decrypting the information with 
the decryption key for display, storage, printing, telecommunications, or otherwise available to 
the user); and 
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(f) at the first processing arrangement, storing audit-related information relating to the 
use of the governed item, being governed at least in part by one or more of the first rule set rules 
(see column 12, lines 29-34; figure 1, block 300; storing all necessary billing and usage 
information in a non- volatile memory device). 

As per claim 96, Shear further discusses: 

(g) using at least a portion of the audit-related information to determine a payment (see 
column 12, lines 29-34; storing all necessary billing information). 

As per claim 97, Shear also points out: 

the audit-related information includes payment information (see column 19, lines 26-30; 
budgeting database use to an amount selected for payment). 

As per claim 98, Shear then suggests: 

the audit-related information includes identification information (see column 19, lines 15- 
26; keeping a running total on the type of information that can be decrypted). 

As per claim 99, Shear next specifies: 

The audit-related information includes information at least in part identifying the first 
processing arrangement and a user of the first the first processing arrangement (see column 19, 
lines 26-30; permitting a user to budget his database use on the host computer). 
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As per claim 100 5 Shear moreover elaborates: 

(g) receiving a second rule set made up of one or more rules at the first processing 
arrangement, being received separately from the first rule set (see column 19, lines 15-22; figure 
3, block 314; permitting the user to store in the decoder/biller ceilings on database usage or cost 
of usage based on usage, period of time, and/or type of information which can be decrypted). 

As per claim 101, Shear also points out: 

the second rule set is directly or indirectly received from a third processing arrangement 
located at a third site remote from the first and from the second site (see column 19, lines 28-30; 
permitting an organization to directly limit the cost of database access by employees to an 
amount selected by the organization; see column 19, lines 12-15; by programming parameters to 
limit the user's use of database information). 

As per claim 102, Shear further discusses: 

(h) using a rule from the second rule set to at least in part govern an aspect of access to 
and use of the governed item (see column 11, lines 8-14; column 12, lines 47-52; figure 1, block 
300; figure 2, blocks 108b and 108c; decrypting the information with the decryption key; see 
column 19, lines 22-26; figure 4a, block 410; until the total of decrypted data exceeds the user- 
specified parameter value). 

As per claim 103, Shear then suggests: 
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using the second rule includes at least in part governing an attempt to transfer at least a 
portion of the governed data item from the first data processing arrangement to a different 
processing arrangement (see column 19, lines 22-26; ceasing decrypting database information if 
the total exceeds the user-specified parameter value; column 12, lines 47-52; to prevent returning 
decrypted information for telecommunications). 

As per claim 108, Shear delineates a method including: 

storing a first control in a memory of a processing arrangement (see column 19, lines 15- 
22; figure 3, block 314; permitting the user to store in the decoder/biller ceilings on database 
usage or cost of usage based on usage, period of time, and/or type of information which can be 
decrypted); 

at the processing arrangement, receiving a second control (see column 11, lines 36-42; 
figure 1, blocks 200 and 300; figure 2, block 108c; sending the decryption key field to the 
decoder/biller); 

using the first and second control to at least in part govern the decryption of at least a 
portion of the data item (see column 1 1, lines 8-14; column 12, lines 47-52; figure 1, block 300; 
figure 2, blocks 108b and 108c; decrypting the information with the decryption key; see column 
19, lines 22-26; figure 4a, block 410; until the total of decrypted data exceeds the user-specified 
parameter value); and 

using the first control and second control to govern an aspect of access to and use of the 
data item, including requiring that audit-related information be stored (see column 19, lines 22- 
26; figure 1, block 200; figure 4a, block 416; keeping a running total of the parameters that the 
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user has specified; see column 19, lines 15-22; figure 3, block 314; in accordance with the 
ceilings on database usage or cost of usage based on usage, period of time, and/or type of 
information which can be decrypted). 

As per claim 109, Shear also points out: 

the stored information includes information relating to payment for the access or use of 
the data item (see column 19, lines 26-30; budgeting database use to an amount selected for 
payment). 

As per claim 1 10, Shear depicts a method of controlling an operation at a processing 
arrangement including a memory, a removable memory reader and a communications port, 
including: 

storing a first digital control in the memory (see column 11, lines 36-42; figure 1, blocks 
200 and 300; figure 2, block 108c; sending the decryption key fields to the decoder/biller for 
storage for processing); 

inserting a removable memory into the removable memory reader (see column 9, lines 4- 
1 1 ; figure 1, blocks 100 and 200; predefined database(s) stored on a storage medium are read by 
a host computer; see column 9, lines 38-46; figure 1, block 100; where the database storage 
medium is an optical disk); 

detecting a governed item stored in the removable memory, being at least in part 
encrypted (see column 1 1, lines 28-33; figure 2, blocks 102 and 106; reading the index 
information stored in the medium to ascertain which database blocks contain information 
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specified by the user request; column 10, lines 56-57; figure 2, block 108b; stored in encrypted 
database information fields); 

receiving a second digital control through the communications port (see column 19, lines 
15-22; figure 3, block 314; permitting the user to store in the decoder/biller ceilings on database 
usage or cost of usage based on usage, period of time, and/or type of information which can be 
decrypted); 

using at least a portion of the governed item, being governed at least in part by the first 
digital control and the second digital control (see column 11, lines 8-14; column 12, lines 47-52; 
figure 1, block 300; figure 2, blocks 108b and 108c; decrypting the information with the 
decryption key; see column 19, lines 22-26; figure 4a, block 410; until the total of decrypted data 
exceeds the user-specified parameter value); and 

storing audit-related information relating to the use of the governed item (see column 19, 
lines 22-26; figure 1, block 200; figure 4a, block 416; keeping a running total of the parameters 
that the user has specified; see column 19, lines 15-22; figure 3, block 314; in accordance with 
the ceilings on database usage or cost of usage based on usage, period of time, and/or type of 
information which can be decrypted). 

As per claim 111, Shear further specifies: 

that the removable memory is an optical disk (see column 9, lines 38-46; figure 1, block 
100; where the database storage medium is an optical disk). 


As per claim 1 12, Shear additionally points out: 
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that the second digital control is directly received from a second processing arrangement 
located remotely from the first processing arrangement (see column 19, lines 15-22; figure 3, 
block 314; permitting the user to store in the decoder/biller ceilings on database usage or cost of 
usage based on usage, period of time, and/or type of information which can be decrypted). 

9. Claims 1, 91-103, and 108-1 12 are rejected under 35 U.S.C. 102(f) because the applicant 
did not invent the claimed subject matter. Only one of the applicants of the instant application is 
the sole inventor of Shear, U.S. Patent No. 5,050,213 A. See MPEP § 2137. 

10. Claims 104-107 are rejected under 35 U.S.C. 102(e) as being anticipated by Stefik et al. ? 
U.S. Patent No. 5,638,443 A. 

As per claim 104, Stefik et al. describe a method for performing a commercial process 
including: 

at a processing arrangement located at a first site, receiving a first communication 
including a first programming module and first authentication information, being directly or 
indirectly received from a second site located remotely from the first site (see column 36, lines 
22-27; sending to the server a message to initiate a play transaction, including the work to be 
played, the identity of the player being used, and the file data of the work); 

at the processing arrangement, using the first authentication information to at least in part 
authenticate the first programming module (see column 36, lines 28-31; the server checking the 
validity of the player identification with the player specification in the right); 
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at the processing arrangement, receiving a second communication including a second 
programming module and second authentication information, being indirectly received from a 
third site located remotely from the first site and from the second site (see column 36, lines 32- 
33; the repository perform common opening transaction steps for registration; see column 27, 
lines 32-48; figure 16, steps 1602 and 1603; registration message comprised of an identifier of a 
master repository, an identification certificate for repository- 1 encrypted by the master 
repository, and encrypted random registration identifier); 

at the processing arrangement, using the second authentication information to at least in 
part authenticate the second programming module (see column 27, lines 57-59; figure 16, step 
1608; checking the extracted repository identifier against a "hotlist" of compromised document 
repositories); and 

at the processing arrangement, executing programming from the first programming 
module (see column 36, lines 36-37; playing the work contents according to the request) and 
programming from the second programming module (see column 28, lines 39-43; playing the 
work contents upon successful completion of the registration transaction), the execution 
contributing to the performance of a commercial process including: 

(1) using a governed item (see column 36, line 36-37; playing the work contents 
according to the request); and 

(2) storing audit-related information relating to the governed item use (see column 29, 
lines 55-61; listing charges from the parts of the digital work played). 


As per claim 105, Stefik et al. further embody: 
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the governed item including digitally-encoded audio (see column 36, lines 8-10; digital 
work including audio); and 

rendering at least a portion of the digitally-encoded audio through an output device (see 
column 36, lines 8-10; playing the digital work on a transducer). 

As per claim 106, Stefik et al. disclose a method of governing an operation at a 
processing arrangement, including: 

(a) at the processing arrangement, receiving a first control directly or indirectly from a 
first party (see column 36, lines 22-27; sending to the server a message to initiate a play 
transaction, including the work to be played, the identity of the player being used, and the file 
data of the work); 

(b) at the processing arrangement, receiving a second control indirectly from a second 
party (see column 36, lines 32-33; the repository perform common opening transaction steps for 
registration; see column 27, lines 32-48; figure 16, steps 1602 and 1603; registration message 
comprised of an identifier of a master repository, an identification certificate for repository- 1 
encrypted by the master repository, and encrypted random registration identifier); 

(c) at the processing arrangement, using the first control (see column 36, lines 36-37; 
playing the work contents according to the request) and second control (see column 28, lines 39- 
43; playing the work contents upon successful completion of the registration transaction) to at 
least in part govern a use of an item; 
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(d) storing a first type of audit-related information relating to the use of the item, required 
by the first control (see column 29, lines 55-61; listing charges from the parts of the digital work 
played); and 

(e) storing a second type of audit-related information relating to the use of the item, 
required by the second control (see column 29, lines 55-61; assigning a charge in accordance to 
the identities of the repositories in the transaction). 

As per claim 107, Stefik et al. specify: 

that the information in step (e) includes at least in part identifying both the processing 
arrangement (see column 29, lines 55-61 ; assigning a charge based on the repositories in the 
transaction) and the user of the processing arrangement (see column 30, lines 5-10; a report- 
charges transaction between a personal credit server and a billing clearinghouse, charging a 
personal credit card). 

Telephone Inquiry Contacts 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Justin T. Darrow whose telephone number is (703) 305-3872 and 
whose electronic mail address isjustin.darrow@uspto.gov. The examiner can normally be 
reached Monday-Friday from 8:30 AM to 5:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, Jr., can be reached at (703) 305-1830. 
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Art Unit: 2132 

The fax numbers for Formal or Official faxes to Technology Center 2100 are (703) 305- 
0040 and (703) 746-7239. Draft or Informal faxes for this Art Unit can also be submitted to 
(703) 746-7240. In order for a formal paper transmitted by fax to be entered into the application 
file, the paper and/or fax cover sheet must be signed by a representative for the applicant. Faxed 
formal papers for application file entry, such as amendments adding claims, extensions of time, 
and statutory disclaimers for which fees must be charged before entry, must be transmitted with 
an authorization to charge a deposit account to cover such fees. It is also recommended that the 
cover sheet for the fax of a formal paper have printed "OFFICIAL FAX". Formal papers 
transmitted by fax usually require three business days for entry into the application file and 
consideration by the examiner. Formal or Official faxes including amendments after final 
rejection (37 CFR 1.116) should be submitted to (703) 746-7238 for expedited entry into the 
application file. It is further recommended that the cover sheet for the fax containing an 
amendment after final rejection have printed not only "OFFICIAL FAX" but also 
"AMENDMENT AFTER FINAL". 

Any inquiry of a general nature or relating to the status of this application should be 
directed to the Group receptionist whose telephone number is (703) 305-3900. 

August 25, 2003 



JUSTIN T. DARROW 
PRIMARY EXAMINER 
TECHNOLOGY CENTER 2100 


